CYPHER-REBELS ELECTRONIC BOOK (CEB) June 30, 1995

CYPHER-REBELS ELECTRONIC BOOK (CEB) June 30, 1995
ISSUE 7
Publisher Gary Lee Jeffers
/* [email protected] */

THE ORIGINAL, FIRST, & OTHER "OFFICIAL" "ORGAN" OF THE CYPHERPUNKS LIST
(That is still in existence.)

NOTE: Items bounded by /* & */ are new text - Differ from last issue.

IS YOUR SOFTWARE TYRANNICIDAL? If so, Cypherpunks & the CEB
want to hear about it!

A compendium of the best software & info for today's electronic
privacy Freedom Fighters. This text may be distributed in part or
in full anywhere you want. It may be given away freely or copies
may be sold. CEB wants to be free & valuable.

If, as Chairman Mao says: "Political power grows out of the barrel of
a gun.", then what is democracy?

Currently, we have Fortress Cryptography & State Sufferance
remailers, mailing lists & newsgroups. We must have Fortress:
remailers, mailing lists & newsgroups!

TABLE OF CONTENTS

Chapter 1. PGP
Section 1. PGP general
Section 2. Michael Johnson's PGP FAQ contribution
Section 3. Stealth PGP.
Section 4. PGP2.6.2 from Sameer.

Chapter 2. Steganography. "A picture is worth a thousand words."

Chapter 3. Shells for PGP
Section 1. Christopher W. Geib's WinPGP26.ZIP
Section 2. Ross Barclay's WinFront 3.0
Section 3. Ed Carp's PGPWIND ver 0.1.g

Chapter 4. Generally cool things.
Section 1. Loompanics sources.
Section 2. Viruses sources.

Chapter 5. Secure Drive download location from Raph.

Chapter 6. Remailers & chained remailers.
Section 1. General

/* New section for DOS/WINDOWS users with batch file. */
Section2. For DOS/WINDOWS users.

Chapter 7. Current problems in Crypt.

Chapter 8. Text sources.
Section 1. Books
Part 1. Simson Garfinkel's PGP book.
Part 2. Bruce Schneier's cryptography book.
Part 3. William Stallings PGP book.
Stallings book is now available! $19.95, 300 pages.
Section 2. Rants
Section 3. CYPHERNOMICON - Tim May's "official" Cypherpunks' FAQ.
/* new address */

Chapter 9. Cypherpunks' mailing list. getting on etc..

Chapter 10. IRC chat strong encryption?
Section 1. prig(cryptical)'s offering.
Section 2. Ed Carp's offer.

FTP to to get CEB7

CCCCCCCCCC YYYY YYYY PPPPPP HH HH EEEEEEE RRRRRRRRR
CCCCCCCCCC YY YY PP PP HH HH EEEEEEE RRRRRRRRR
CCC YY YY PP PP HH HH EE RR RR
CCC YY YY PPPPPP HHHHHHHH EE RR RR
CCC YYY PP HHHHHHHH EEEEEEE RR RR
CCC YYY PP HH HH EEEEEEE RRRRRRRR
CCC YYY PP HH HH EE RRRRRRR
CCC YYY PP HH HH EE RRRRRR
CCCCCCCCCC YYY PP HH HH EE RR RR
CCCCCCCCCCC YYY PP HH HH EEEEEEE RR RR
PP HH HH EEEEEEE RR RR
RRRRRRRRRRR RR RR
RRRRRRRRRRRRRR
RRRRRRRRRRR EEEEEEEEEEE BBBBBBBBBBB SSSSSSS
RRRRRRRR EEEEEEEEE BBB BBBBBBB SSSSSSSSS
RR RRRR EEEEEEEEEE BB BBBBBB SSSSSSSSS
RRR RRRR EEEEEEEE BBB BBBBB SSSSSSSSS
RRR RRRRR EEEEEE BBBBBBBBB SSSSSSSSS
RRRRRRRRRRRRRR EEEEEEE BBBBBB SSSSSSSSSS
RRRRRRRRRRRRRR EEEEEEEEEE BBBBB SSSSSSS
RRRRRRR RRRR EEEEEEEEEE BBBBBB SSSSSSSSSSSSS
RRR RRRRR EEEEEEEEEEEE BBBBBBBB SSSSSSSSSSSS
RRRRR RR EEEEEEEE BBBBBBBBBB SSSSSSSSSS
RR RRRRR EEEEEE BBB BBBBBBB SSSSSSSSSS
RR RRRRR EEEEEE BB BBBBBB SSSSSSSSSS
RRR RRRRRR EEEEEEEEEEE BB BBBBBBB SSSSSSSSSSS
RRRR RRRRRRR EEEEEEEEEEEEE BBBBBBBBBB SSSSSSSSSSSS

PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP
PPPPPPPPPPP GGGGGGGGG PPPPPPPPPPP
PPP PP GGG PPP PP
PPPPPPPPPPPP GGG GGGGGGG PPPPPPPPPPP
PPPPPPPPPP GGG GGGGGGG PPPPPPPP
PPP GGG GG PPP
PPP GGGGGGGGGGGGG PPP
PPP GGGGGGGGGGGG PPP

Chapter 1. PGP general.

PGP is Pretty Good Privacy from Phil Zimmermann. It is currently the
best available encryption available to civilians at large.
Zimmermann is the programmer on the original PGP versions but now,
apparently, just guides other programmers in making improved versions.
PGP uses two encryption algorithms: RSA for its Public Key powers &
IDEA for its bulk encryption. The advantages of PGP over other
crypt/decrypt systems are:
1. RSA algorithm. Allows users to communicate without needing a secure
channel to exchange keys. - PUBLIC KEY ENCRYPTION.
2. The program system has been very well done & has huge development
support.
3. It has huge popularity.
4. Security is guaranteed with distribution of source code & public
investigation.
5. Its free.
6. Both RSA & IDEA are "STRONG" algorithms.

Section 2: Michael Johnson's PGP FAQ contribution

Michael Paul Johnson <[email protected]> has an excellent faq on
Subject: Where to Get the Latest PGP (Pretty Good Privacy) FAQ
(Last modified: ??????????????? by Mike Johnson)

You can get this faq by anonymous ftp to:
ftp.csn.net /mpj/getpgp.asc

It is also posted monthly on alt.security.pgp

The latest versions of PGP are VIACRYPT PGP 2.7 , MIT PGP 2.6.2
& PGP 2.6ui & the new PGP 2.6.i . Which is best? I would say
MIT PGP 2.6.2 although PGP 2.6.i is a close contender. MIT's has
source code, Phil Zimmerman's blessing & is US legal. For a further
discussion of variations, consult Michael Johnson's FAQ.

Section 3: Michael Johnson's PGP bomb contribution.
From: Michael Johnson <[email protected]>
Subject: PGP Time Bomb FAQ

PGP TIME BOMB FAQ

Michael Johnson writes:
"There has been some confusion about the annoying "Time Bomb" in MIT PGP2.6,
as well as some other PGP version compatibility issues. This is an attempt to
clear up some of that confusion."

You can get this faq by anonymous ftp to:
ftp.csn.net /mpj/pgpbomb.asc

Section 4. PGP2.6.2 from Sameer.

From: sameer <[email protected]>
Subject: PGP 2.6.2 on ftp.csua.berkeley.edu
Date: Thu, 27 Oct 1994 03:19:19 -0700 (PDT)

PGP 2.6.2 is now available on ftp.csua.berkeley.edu in
/pub/cypherpunks/pgp/pgp262

Not for export outside of the United States in violation of
ITAR restrictions.

--
sameer Voice: 510-841-2014
Network Administrator Pager: 510-321-1014
Community ConneXion: The NEXUS-Berkeley Dialin: 510-549-1383
http://www.c2.org (or login as "guest") [email protected]

Section 3. Stealth PGP 37

Stealth PGP refers to a PGP file that does not have the
RSA prefix tag on the beginning of a PGP encrypted file or to PGP
utility software that disguises this tag. Possibly, a later version
of PGP with have this as an option.

The advantages of "Stealthy" PGP are that its files cannot be found
by Internet search programs that hunt for the PGP/RSA tag & that a
"Stealthy" file may be more securely hidden by a good steganography
program.

From: Mark Grant <[email protected]>
Subject: Stealth PGP

Responding to my question "Has Stealth PGP been done yet?"
Mark Grant says:

Kind of, there's a 'stealth' filter available that strips and attaches
headers to PGP messages after encryption. It's available from various
places, and the documentation is available on my 'other people's PGP
addons' WWW page :

http://www.c2.org/~mark/pgp/other.html

There's also information about Privtool, my PGP-aware mail program for
Sun workstations at :

http://www.c2.org/~mark/privtool/privtool.html

Mark

EMAIL: [email protected]
URL : http://www.c2.org/~mark/

Chapter 2. Steganography "A picture is worth a thousand words."

=============================================
%% = !I =
%% %%% = !!! BB =
%%%* *%%%% = **!!** & =
*** @** = u \ x! ) < =
* *** + m ) c $ =
** = # k } � =
� = $%- & u = =
------- = @!p +e$ ~ # =
� = h �6& ; | =
� = =,# {{ =
� = =
� � = =
� � = =
� � =============================================
� � STILL LIFE WITH CRYPT
+++++++++++++++++++++++++++++++++++++++++++++

Steganography is the craft of hiding messages in pictures. The text is,
of course, encrypted text rather than plain text.

The current best steganography program has been done by Arsen Arachelian
Below, follows his text contribution:

From: [email protected] (Arsen Ray Arachelian)

WNSTORM is available from:
ftp.wimsey.bc.ca:/pub/crypto/software/dist/US_or_Canada_only_XXXXXXX/Steg

Usual routine to get it. i.e. cd /pub/crypto/software, get the README
file, and if you agree to the terms then follow the instructions.

Short description off the top of my head (I wrote the beastie) Another
info scrap should be in the same directory as WNSTORM.

WNSTORM is a data encryption/steganography utility which is pretty secure for
most uses. Unlike some stego systems WNSTORM is expandible, all you have to
do is write your own LSB injector/extractor for whatever data format you wish
to hide information into.

WNSTORM doesn't require the recipient of the host picture, sound, movie, etc.
to have the original un-stormed picture. Unlike primitive stego programs,
WNSTORM doesn't compare an stormed picture with an unstormed picture.

WNSTORM will cover its tracks statistically. If it changes a 0 bit in the
LSB data stream to a zero, or a 1 bit to a 1, it does nothing. If it changes
a 1 bit to a zero, it will balance itself by changing an unused adjacent 0
bit to a 1. Ditto for a 0->1 transform.

WNSTORM will NOT change every bit of the LSB in order to prevent detection.
It will use a passkey along with a probabilistic algorithm to decide which
bits it will change. The algorithm for picking bits depends on the previous
succesfully encoded/decoded cyphertext AND the passkey.

Internally WNSTORM works by picking "windows" or "packets" of bytes out of
either a random number stream or an LSB stream extracted from a picture,
sound, movie, etc. It then injects eight bits of cyphertext into this window.
Each window is of variable size. The bit locations where the bits are inserted
are randomly exchanged for each pass. The bit values are also randomly
exchanged for each pass.

WNSTORM includes an injector/extractor for PCX images, however I will write
more injecotr/extractor programs for it in the future, and OTHERS can do so
as well.

Chapter 3. Shells for PGP.

Section 1. Christopher W. Geib's WinPGP26.ZIP

From: "David K. Merriman" <[email protected]>
Subject: Christopher W. Geib's Windows PGP shell

I've just finished making an ftp deposit to soda in the cypherpunks/
incoming directory of WinPGP26.ZIP; it's the latest version of the
Windows PGP shell Shareware, and understands 2.6/2.6ui/2.7.

Dave Merriman

Section 2. Ross Barclay's WinFront 3.0

From: Ross Barclay <[email protected]>
Subject: PGP WinFront 3.0 Now Available! (New Windows front end for PGP)
To: [email protected], [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
signature wrecked due to included text from another contributor.
Gary Jeffers

Announcing PGP WinFront 3.0
~~~~~~~~~~~~~~~~~~~~~~~~~~~

A freeware Windows front end for PGP 2.3a and 2.6
Copyright 1994 Ross Barclay ([email protected])

WHAT IT IS:

- PGP WinFront is the most fully featured free (or
otherwise) Windows front end available. It will make
using PGP easy for beginners, and it will drastically
increase the speed at which experts use it too.

PGP WinFront is now into is third revision and I have
tried to implement as many of the suggestions that I
received as possible. PGP WinFront was designed by
its users, but was coded by me.

Features:

- Supports secret key ring placement on floppy drive
- Support en/decryption to/from clipboard
- Move / Copy / Delete files
- Online hypertext help
- Online hypertext PGP help
- Keyring reader to pick names, view key characteristics
- Keyring reader supports less-often used "huge" keyrings
- Signature Checker
- Very configurable - over 25 user-definable settings
- more . . .

This program does too much to list here. And it's free!

This version is a complete rewrite of the popular
PGP WinFront 2.0. The feature-set has largely been
set by users who sent in suggestions.

Please read the file README.TXT and peruse the help
files. Please send me your comments.

HOW TO GET IT:

At the moment, there are 2 ways to get this program:

1) Via FTP

- The PGP WinFront 3.0 filename is called PWF30.ZIP.

- It has been uploaded to the incoming directories of
the following FTP sites:

ftp.cica.indiana.edu
ftp.eff.org
ftp.wimsey.bc.ca
from Gary Jeffers. There has been a problem getting pwf30 from these
sites. However, it CAN ACTUALLY be ftp'ed with the following info.:

ftp.wimsey.bc.ca:
/pub/crypto/software/dist/US_or_Canada_only_XXXXXXXX/PGP/Misc/pwf30.zip

--
Mark Henderson -- [email protected], [email protected] (personal accounts)
RIPEM 1.1 MD5OfPublicKey: F1F5F0C3984CBEAF3889ADAFA2437433
ViaCrypt PGP Key Fingerprint: 21 F6 AF 2B 6A 8A 0B E1 A1 2A 2A 06 4A D5 92 46
cryptography archive maintainer -- anon ftp to ftp.wimsey.bc.ca:/pub/crypto

black.ox.ac.uk
soda.berkeley.edu
ftp.informatik.uni-hamburg.de
ftp.ee.und.ac.za
ftp.demon.co.uk

- Hopefully, they will be slotted into the PGP directories
soon. On CICA, it will be placed into \pub\pc\win3\utils.
That is where PWF20.ZIP was placed.

- Once you get the program, please upload it to other
FTP sites!

2) From Colorado Catacombs BBS

- dial (303)772-1062. The file is called PWF30.ZIP

- once you get the program, please upload it to other
BBSs.

*** The mail access system I had was discontinued. This is
because the file was too big to fit into my account.
However, you can still register PWF and request certain
PGP and PWF related items using my mail access system.
Details of these are on the "About" screen of PWF 30.

- --Ross Barclay

- -------------------------------------------------------------------------
Ross Barclay ([email protected]), Assistant Editor | To receive my PGP
| public key, send
PC NEWS Review: Windows Edition | me e-mail with the
Bellevue, WA (206) 399-8700 | subject: GET KEY
- -------------------------------------------------------------------------
To receive PC NEWS Review, send me e-mail with the subject: GET PNR.
- -------------------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLmZ7fdgpRteEZ9JhAQFeXgIAxIpvJQeMsx7YecNgtusBDMqL662XFeX2
qL0qF8HcN4ReZ9MYjtn9t8N1zWGxkPOXQEI3KfM7uk8JTzxjZ5LG2g==
=gSYT
-----END PGP SIGNATURE-----

Section 3. Ed Carp's PGPWIND version 0.1.g

From: [email protected] (Ed Carp)
Subject: PGP For Windows 0.1.g release
Date: Thu, 17 Nov 1994 01:44:41 -0800 (PST)

-----BEGIN PGP SIGNED MESSAGE-----

The latest release of PGP For Windows is in

ftp.netcom.com:/pub/ecarp/pgpwind.zip

Several bug fixes, and an occasional feature or two :) Now you can set the
font for the program if you don't like the default. ;)

Thanks to Dave Merriman and D. Morgan for beta testing.

The next release will hopefully have online help for the program itself, even
though it's pretty straightforward. Comments, bug reports to me. Thanks!
- --
Ed Carp, N7EKG [email protected], [email protected]
Finger [email protected] for PGP public key [email protected]
If you want magic, let go of your armor. Magic is so much stronger than
steel! -- Richard Bach, "The Bridge Across Forever"

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLssmBSS9AwzY9LDxAQHa/QP/YjxnZJWlK4VWrolr1fe75m/0YjGhHyEN
dLsLOUbiR0riz6oO0WaExQUaSh4mefpgniHc9tSkCreL6dBG+hdA6qwNlUVMCANV
dxAXw0E9SQUxoLDPY1pbbEcyoDmu7Im2qg52WTMvKELbKWOyiIdtbc+BupCjfhw3
g6YPzIAXaB4=
=vYWD
-----END PGP SIGNATURE-----

Chapter 4. Generally cool things.

Section 1. Loompanics sources.
Something cool from Vincent:

Most of the Loompanics Unlimited catalog is online as:

gopher://gopher.well.sf.ca.us/00/Business/catalog.asc

And you can send mail to them at:

[email protected]

You can also get their catalog at:
Loompanics Unlimited
PO box 1197 33
Port Townsend, Wa.
98368 P id

Send $5.00 for their general catalog - free with any order.

Section 2. Viruses sources.

AMERICAN EAGLE PUBLICATIONS

Cypherpunks,
I have found a source of info. that I just must share!

American Eagle Publications, Inc.
P. O. Box 41401
Tucson, AZ 85717

I'm sure they will send you a catalog just for the asking.

So, what are they about? They are about VIRUSES! They don't just
carry a couple of virus things - they are the VIRUSES-ARE-US of the
virus world! They have a journal: Computer Virus Developments Quarterly.
They have books on viruses, virus protection, cryptanalysis, the science
fiction book "Heiland", a CD-ROM for $99.95 of several thousand live
viruses, disks of viruses with source code, executable & utilities,
programs & cards for boot protection, & even a virus IDEA computer
system protector.

Copy follows for two items of particular interest to Cypherpunks:

POTASSIUM HYDROXIDE, KOH
By the "King of Hearts"
A sophisticated piece of software which uses ideas first developed by
computer virus writers to secure your computer system against those who
would like to get their hands on the information in it. You give KOH a
pass phrase, & it uses state of the art IDEA data encryption algorithm
to encrypt all of the information on your hard disk & your floppies. It
is, for all intents & purposes, unbreakable, & works well with DOS &
Windows. Many encryption programs offered commercially are easily
cracked, but this one is not.
Some people call this program a virus, come say it is not. In ways,
it acts like a virus to do some of your security housekeeping for you.
Yet at worst it is a friendly virus that lets you choose when & how
it will replicate.
program & manual on disk, $10
program, full source, & manual on disk, $20
(Overseas customers add $12: KOH cannot be exported from the US, but
since it was not developed in the US, we will forward your order to the
overseas distributor. Please allow 6 weeks for delivery)

HEILAND
By Franklin Sanders
276 pages, Paperback, 1986

Here's an entertaining book about America in the year 2020. If you
wonder if it's proper to use viruses in wartime or if such a virus could
be termed "good", this book will give you some food for thought. Sanders
makes use of computer "worms" when the oppressed people of the US attack
the federal government in an all-out war against tyranny. Sanders uses
his worms right too - not as some all-powerful monster. Rather, they are
deployed as part of a larger military strategy. For a book written in
1986, that's not bad!
And if you're fed up with the government, this book is sure to give
you a vision for the future. Sanders has been part of the mounting tax
protest in this country. He's fought the IRS in court for years & won
some important battles. Unfortunately the government seems to be con-
firming some of his worst suspensions about them. Now you can get a good
dose of his philosophy & his ideas about remedying our problems. And if
you work for the government, don't be offended - this book is doubly
recommended for you!
Book, $8.00

for shipping add $2 per book. 5% sales tax for AZ. residents.

It is my belief that in the next few years more uses for viruses
than just being a vandal will be found. Also, they may find a place
in protecting our electronic freedom. - for instance virus remailers.
Also see my previous post - The FREEDOM DEAMON. Also, they have a place
in my CHATTERBOX concept(a remailer for chat mode or commands).
"Viruses aren't just for Sociopaths anymore!"
Also, I suspect the state may start cracking down on virus tech-
nology. Incidentally, did you all know that crypt has a place in modern
viruses? Encryption is used to hide "nasty" code & virus signatures
until they get into the system & decrypt.
Yours Truly,
Gary Jeffers

PUSH EM BACK! PUSH EM BACK!
WWWAAAYYY BBBAAACCCKK!
BBBEEEAAATTTTT STATE !

Chapter 5. Secure Drive download location from Raph.
ftp to ftp.netcom.com mpj/I_will_not_export/crypto??????
Hunt around & read his read file.

Files in this directory are not for export from the USA and Canada.

secdev13.arj -- Secure Device file hosted device driver by Artur Helwig
of the Netherlands.
sfs110.zip -- Secure File system by Peter Gutman of New Zealand
secdr13e.zip -- Secure Drive by Mike Ingle and Edgar Swank of the USA

Chapter 6. Remailers & chained remailers.

Section 1. General

From: [email protected] ([email protected] +1-510-484-6204)
Message-Id: <[email protected]>
To: [email protected]
Subject: Re: Using remailers, chained remailers?

There's somebody who posts a remailer summary to the list about monthly.

Text correction follows from Zarr

--
[email protected] (Admin of The Anonymous Contact Service)

* There are three or four sets of remailers out there:
* - anon.penet.fi, which gives you an account [email protected]
* which people can reply to. Please, send a message to
* [email protected] to receive an anon ID. You probably also want
* to send a message to [email protected] to receive the help file.
* Its big use is for anonymous Usenet posting with working replies.
end of text correction.

some also support Usenet posting. Soda is pretty typical.

- The cypherpunks remailers, which are mostly one-way no-reply mailers;
- Various enhanced cypherpunks remailers, which have features like
encrypted reply addresses you can attach at the end.

You can get information on using the soda remailer by sending email
to [email protected], with "help" somewhere in the posting;
I'm not sure if it wants it in the Subject: or in the body.
That's the remailer that posts from "Tommy the Tourist" with
random NSA-bait at the bottom of postings.

Here's a recent posting on getting status of remailers.
Note that some really only remail once per day, so they may be
working fine even if it says they're not.

----
Date: Mon, 15 Aug 1994 13:39:33 -0700
From: Raph Levien <[email protected]>
To: [email protected]
Subject: "finger [email protected]" now operational

Hi all,

I have written and installed a remailer pinging script which
collects detailed information about remailer features and reliability.

To use it, just finger [email protected]

There is also a Web version of the same information, at
http://http.cs.berkeley.edu/~raph/remailer-list.html

Please do not take the uptime figures too seriously, at least for
another week or so. The script has only been running reliably for a
few days.

Please let me know about any other remailers which I missed. I've
only included remailers which can mail to arbitrary addresses, so I
already know chop and twwells are missing.

If you've got a Web page, please feel free to include a link to
this page. If you think your Web page is relevant to the subject of
remailers, let me know and I'll link it in.

Comments and suggestions welcome!

Raph Levien

-------
# Bill Stewart AT&T Global Information Solutions, aka NCR Corp
# 6870 Koll Center Parkway, Pleasanton CA, 94566 Phone 1-510-484-6204 fax-6399
# email [email protected] [email protected]
# ViaCrypt PGP Key IDs 384/C2AFCD 1024/9D6465

/*
Section 2. For DOS/WINDOWS users.

Hello Gary --

> Besides demon.co.uk & Penet, are there any remailers that a DOS machine user
> can use? & how would I use the remailers? Thank You, Gary Jeffers

Any of the type I remailers (non-mixmaster, that is) can
be used from a DOS box if you can get the mail off it to
the first remailer somehow. Hand remailer nesting is a
pain, so batch files are in order.

You might try this -- it's based on the Karl Barrus scripts,
modified to do only remailer chaining (no reply blocks) and
to id keys by number rather than remailer name so as to reduce
opportunity for ambiguity. You'll need to increase the DOS
environment space to use a lot of remailers. The message
will be threaded through the remailers listed by number in
right-to-left order, and you send the initial message to
the "last", ie. rightmost, remailer in the list you give.

The syntax is:
lm <filename> <target address> <remailer number> [next number] [etc.]

Test the remailers with single bounces to yourself: it's been
a while since I purged non-responders from this collection.

regards,
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Dept. of Biology Jennifer Mansfield-Jones
University of Michigan [email protected]
http://www.umich.edu/~cardtris/cardtris.htm <--- PGP key available

This batch file prepares a file for transmission to the last file in
the parameter list. It pgp encrypts it as well as adding other info..
lm is name of the batch file (lm.bat). Target address is where you want
to send it. 1st you run the batch file with the parameters. This will
prepare your file for sending. At end of execution, the batch file will
give you the remailer address to send to & repeat the name of the file to
send. Be sure to have available pgp & pubring.pgp with the public keys
of the remailers that you referred to. The batch file will search for
them. You can get the remailer public keys from:
[email protected] . Send this keyserver a msg in the subject
line saying: get theremaileraddress. -GLJ

-=-=-=-=-=- <schnipp> -=-=-=-=-=-
@echo off
rem lm.bat - allows routing a message through various remailers
rem simplified from the excellent work of
rem Karl Barrus - [email protected]
rem last update 7/14/93 (barrus)
rem Last modified by JMJ ([email protected]) 3/4/95

rem if no parameters, print help file
if '%1'=='' goto help

rem get file name
shift
set filename=%0
if not exist %filename% goto errnofile

rem set up encrypted pgp header
echo ::> zzztemp1.txt
echo Encrypted: PGP>> zzztemp1.txt
echo.>> zzztemp1.txt

rem package message file under last remailer's encryption
copy %filename% zzztemp3.txt > nul

rem start with empty message file
echo.>> zzztemp3.txt

rem get email address
shift
set to=%0
if '%to%'=='' goto errmail

:repeat

rem bugtesting
rem type zzztemp3.txt

shift
if '%0'=='' goto finish

if '%0'=='1' set [email protected]
if '%0'=='1' set rky=0x3F0BB437
if '%0'=='2' set [email protected]
if '%0'=='2' set rky=0x8E5620D5
if '%0'=='3' set [email protected]
if '%0'=='3' set rky=0xF4FD5A2D
if '%0'=='4' set [email protected]
if '%0'=='4' set rky=0x0E888D01
if '%0'=='5' set [email protected]
if '%0'=='5' set rky=0xFACD184D
if '%0'=='6' set [email protected]
if '%0'=='6' set rky=0xD6F626DD
if '%0'=='7' set [email protected]
if '%0'=='7' set rky=0xF560A7E5
if '%0'=='8' set [email protected]
if '%0'=='8' set rky=0x8E6A1F51
if '%0'=='9' set [email protected]
if '%0'=='9' set rky=0x4BCDAC0D
if '%0'=='10' set [email protected]
if '%0'=='10' set rky=0x8DC37915
if '%0'=='11' set [email protected]
if '%0'=='11' set rky=0x21A45C25
if '%0'=='12' set [email protected]
if '%0'=='12' set rky=0x355191BD
if '%0'=='13' set [email protected]
if '%0'=='13' set rky=0x2A5F9071
if '%0'=='14' set [email protected]
if '%0'=='14' set rky=0xA9C362F9
if '%0'=='15' set [email protected]
if '%0'=='15' set rky=0x7DEFC571
if '%0'=='16' set [email protected]
if '%0'=='16' set rky=0x6B4F0AE5
if '%0'=='17' set [email protected]
if '%0'=='17' set rky=0x20BA80A9
if '%0'=='18' set [email protected]
if '%0'=='18' set rky=0x25AB43C1

rem set up remailing request header
echo.> zzztemp2.txt
echo ::>> zzztemp2.txt
echo Request-Remailing-To: %to%>> zzztemp2.txt
echo.>> zzztemp2.txt

rem append previous message
copy zzztemp2.txt + zzztemp3.txt zzztemp4.txt > nul
del zzztemp2.txt
rename zzztemp4.txt zzztemp2.txt

rem bughunting
rem type zzztemp2.txt
rem echo %rto%

pgp -eta zzztemp2.txt %rky%
copy zzztemp1.txt + zzztemp2.asc zzztemp3.txt > nul

set to=%rto%

goto repeat

:finish

rem append blank line onto tem3 file
echo.>> zzztemp3.txt

copy zzztemp3.txt zzztemp4.txt > nul
rem copy zzztemp3.txt+%filename% zzztemp4.txt > nul

del %filename%

rename zzztemp4.txt %filename%
echo Remember to mail %filename% to %to%

goto done

:help
echo Usage: lm filename recipient_address remailer# [remailer#]...
echo Remailers:
echo 0: Test purposes
echo 1: [email protected] #
echo 2: [email protected] #
echo 3: [email protected] #
echo 4: [email protected] # delay
echo 5: [email protected] # delay
echo 6: [email protected] # delay P
echo 7: [email protected] # delay P
echo 8: [email protected] (l!) #
echo 9: [email protected] # delay
echo 10: [email protected] # latent
echo 11: [email protected] # delay
echo 12: [email protected]
echo 13: [email protected]
echo 14: [email protected]
echo 15: [email protected] (unt)
echo 16: [email protected] (unt)
echo 17: [email protected]
echo 18: [email protected] (unt) # delay

goto end

:errmail
echo Error: no destination specified
goto done

:errnofile
echo Error: file %filename% does not exist
goto end

:done
del zzz*.*

:end
-=-=-=-=-=- <schnipp> -=-=-=-=-=-

*/

Chapter 7. Current problems in Crypt.

1. Has Arsen Arachelian really solved the problem of discovery of crypt
in steganograpy by statistical examination of the least significant
bits in his WNSTROM? I have seen no debate on this.
2. If the Feds capture the internet & put their anti-privacy hardware
& protocols in place & outlaw remailers, does anyone have any idea
how to build secure & effective remailers? A "Fortress remailer"?
3. If the above possibility happens & Cyperpunks' list is outlawed,
does anyone have ideas how to make a "Fortress list"?

Currently, we have Fortress Cryptography & State Sufferance
remailers, mailing lists & newsgroups. We must have Fortress:
remailers, mailing lists & newsgroups!

Chapter 8. Text sources.
Section 1. Books.

Part 1. Simson Garfinkel's PGP book.

From: Stanton McCandlish <[email protected]>
Subject: O'Reilly PGP book
Date: Wed, 7 Sep 1994 13:38:58 -0400 (EDT)

coming soon, PGP hits the mainstream:

PGP: Pretty Good Privacy
by Simson Garfinkel
1st Edition November 1994 (est.)
250 pages (est),ISBN: 1-56592-098-8, $17.95 (est)

PGP is a freely available encryption program that protects the
privacy of files and electronic mail. It uses powerful public key
cryptography and works on virtually every platform. PGP: Pretty Good
Privacy by Simson Garfinkel is both a readable technical users guide and
a fascinating behind-the-scenes look at cryptography and privacy. Part I
of the book describes how to use PGP: protecting files and email,
creating and using keys, signing messages, certifying and distributing
keys, and using key servers. Part II provides background on cryptography,
battles against public key patents and U.S. government export restrictions,
and other aspects of the ongoing public debates about privacy and free
speech.
--
<A HREF="http://www.eff.org/~mech/mech.html"> Stanton McCandlish
</A><HR><A HREF="mailto:[email protected]"> [email protected]
</A><P><A HREF="http://www.eff.org/"> Electronic Frontier Fndtn.
</A><P><A HREF="http://www.eff.org/~mech/a.html"> Online Activist </A>

Part 2. Bruce Schneier's cryptography book.

The best book in cryptography is:
APPLIED CRYPTOGRAPHY Protocols, Algorithms, and Source Code in C
by Bruce Schneier
Loompanics advertising copy follows:
In Applied Cryptography, data security expert Bruce Schneier details
how programmers can use cryptography - the technique of enciphering
messages - to maintain the privacy of computer data. Covering the latest
developments in practical cryptographic techniques, the book shows
programmers who design computer software and systems we use every day.
Along with more than 100 pages of actual C source code of working
cryptographic algorithms, this pratical handbook:

* Explains data encryption protocols and techniques currently in use
and likely to be used in the future.
* Offers numerous present day applications - from secure correspondence
to anonymous messaging.
* Includes numerous source code fragments and shows how to incorporate
them into larger programs.
* Discusses related issues like patents, export laws, and legal rulings.
And much more!

1994, 7 1/2 x 9, 636 pp, Illustrated, indexed, soft cover.
APPLIED CRYPTOGRAPHY: $44.95
(order number 10062)
$4.00 for shipping and handling. UPS ground. Additional $7.50 if you
want UPS w day air(blue)- that would be $11.50.

Loompanics Unlimited
PO Box 1197
Port Townsend, WA 98368

Part 3. William Stallings PGP book.

From: William Stallings <[email protected]>
The book's foreword is by Phil Zimmerman who highly praises the book & e
states that he prefers it to his own documentation when he needs to look
something up! The book's table of contents, then the foreword follows:

| Bill Stallings | PGP key available at | also from Stable
| Comp-Comm Consulting | gopher.shore.net | Large Email Database
| P. O. Box 2405 | in members/ws | contact
| Brewster, MA 02631 | | [email protected]

Protect Your Privacy: The PGP User's Guide

William Stallings

(Prentice-Hall, ISBN 0-13-185596-4)
$19.95, 300 pages

Table of Contents

Foreword by Phil Zimmermann

Acknowledgments

Reader's Guide to the PGP User's Guide

Chapter 1 Protect Your Privacy!
1.1 What is PGP?
1.2 PGP Versions

Part I HOW PGP WORKS

Chapter 2 Basic Principles of PGP
2.1 Conventional Encryption
2.2 Public Key Encryption
2.3 Secure Hash Functions

Chapter 3 Sending and Receiving PGP Messages
3.1 PGP: The Big Picture
3.2 PGP is Not E-Mail
3.3 Public Keys and Private Keys
3.4 Digital Signatures
3.5 Compression
3.6 Message Encryption
3.7 E-Mail Compatibility
3.8 The Order of Operations in PGP

Chapter 4 PGP Features
4.1 Multiple Recipients
4.2 Encrypting Local Files
4.3 The Display-Only Option
4.4 Wiping
4.5 Protecting Text Files
4.6 Signature Options

Chapter 5 Key Generation and Secret Key Management
5.1 Creating Public/Secret Key Pairs
5.2 Secret Key Management

Chapter 6 Public Key Management
6.1 Exchanging Public Keys
6.2 Certifying Public Keys
6.3 Owner Trust and Key Legitimacy

Part II USING PGP

Chapter 7 DOS PGP: Getting Started
7.1 Getting Started
7.2 Key Generation
7.3 Signing Your Key
7.4 Extracting Your Key
7.5 Preparing a Message for Transmission
7.6 Processing a Received Message
7.7 Adding Keys to Your Public Key Ring
7.8 Certifying PGP

Chapter 8 DOS PGP Reference
8.1 Message/File Processing
8.2 Key Management
8.3 Miscellaneous Commands and Options
8.4 The config.txt File
8.5 Using a DOS Shell

Chapter 9 Macintosh PGP: Getting Started
9.1 Getting Started
9.2 Key Generation
9.3 Signing Your Key
9.4 Extracting Your Key
9.5 Preparing a Message for Transmission
9.6 Processing a Received Message
9.7 Adding Keys to Your Public Key Ring
9.8 Certifying MacPGP

Chapter 10 Macintosh PGP Reference
10.1 PGP Messages Window
10.2 Help Menu
10.3 File Menu
10.4 Key Menu
10.5 Options Menu

Chapter 11 Windows PGP
11.1 WinPGP
11.2 PGP WinFront

PART III Supplemental Information

Chapter 12 The Building Blocks of PGP
12.1 Conventional Encryption: IDEA
12.2 Public Key Encryption: RSA
12.3 Secure Hash Function: MD5

Chapter 13 Choosing Your Passphrase
13.1 How to Guess a Passphrase
13.2 How to Choose an Unguessable Passphrase

Chapter 14 Where to Get PGP

Chapter 15 Public Key Servers
15.1 How to Use Public Key Servers
15.2 Where to Find Public Key Servers
15.3 Stable Large EMail Database (SLED)

Chapter 16 PGP 3.0

Foreword by Philip Zimmermann

This book is about Pretty Good Privacy, a program I created to encrypt e-
mail using public key cryptography. PGP was electronically published as
free software in 1991. Little did I realize what this project would lead to.
PGP has become the worldwide de facto standard for e-mail encryption.
I've admired Bill Stallings's writings in computer science for some
years before PGP, and here he is writing a book about my program. How
can I talk about how great his book is, without, by implication, talking
about how great PGP is? It's hard to write a foreword for his book about
PGP without sliding into some measure of self-indulgence.
I've been so close to this project for so long that I sometimes lose
sight of the scope of what PGP provides. I got the manuscript for Bill's book
in the mail the other day -- the book you are holding. Sitting down with it,
flipping through it, endless pages of diagrams, the formal treatment of it,
services provided by PGP. It wasn't till I saw his book on PGP that I could
step back and see PGP as others see it. The breadth of it. As a software
engineer, I'm used to either documenting my own software, or having a
random company tech writer document it. All software engineers get that.
But having William Stallings do the manual for your software -- it's sort of
like having your portrait done by a world-class artist.
There are a very small number of software packages that have far-
reaching political implications. Most software that fits in such an influential
category has negative effects on our civil liberties. For example,
government intelligence agencies use a software package called PROMIS,
which is a powerful tool of governments to track people's activities,
movements, spending, political affiliations, et cetera. Now that is a piece of
software with far-reaching political implications. Mostly bad ones. Then
there is the software that the Medical Information Bureau uses to classify
people who file medical insurance claims, to put them on a medical "black
list", so that they cannot purchase any medical insurance ever again. That
software has far-reaching political implications -- enough to raise a large-
scale backlash in our society to do something about it. In most cases, it
seems that software that has powerful political effects is software designed
to strengthen the strong and weaken the weak.
But PGP also has far-reaching political implications. Mostly good ones.
In the Information Age, cryptography affects the power relationship
between government and its people. The Government knows this all too
well, as evidenced by their recent policy initiatives for the Clipper chip,
which would give the Government a back door into all our private
communications -- an Orwellian "wiretap chip" built into all our
telephones, fax machines and computer networks. PGP strikes a blow
against such dark trends, and has become a crystal nucleus for the growth
of the Crypto Revolution, a new political movement for privacy and civil
liberties in the Information Age. This government has done all they can to
stop the emergence of a worldwide encryption standard that they don't
have a back door into. And that same government has placed me under
criminal investigation for unleashing this free software on the world. If
indicted and convicted, I would face 41 to 51 months in a federal prison.
Despite the pressure the Government has brought to bear against
PGP (or perhaps because of it), PGP has become the most widely used
software in the world for e-mail encryption, used by a variety of activists,
and anyone else needing protection from the powerful. It's also used by
ordinary people to protect their personal and business communications
from prying eyes.
PGP may have a future as an official Internet standard, as the
Internet Engineering Task Force develops an interest in it. No one who
wants to work in the area of Internet e-mail privacy should neglect
studying PGP. Because of the "fax machine effect", more people who want
to encrypt their e-mail are getting PGP because everyone else who
encrypts their e-mail is already using it.
Naturally, I want people to read the Official PGP User's Guide, which
comes with the electronic distribution package of PGP (also in book form
from MIT Press), because I wrote it. Also, I'm more entertaining and
personable in my book. And more political. But Bill Stallings' book is more
comprehensive than mine, more thorough, covering more detail, with a lot
more diagrams. He's really good at completely nailing it down in a book. In
fact, I'll probably use his book myself as my preferred reference to PGP.

Philip Zimmermann
Boulder, Colorado
PGP Fingerprint:
9E 94 45 13 39 83 5F 70
7B E7 D8 ED C4 BE 5A A6

Section 2. Rants.

For good rants FTP to soda.berkeley.edu /pub/cypherpunks/rants

Section 3. CYPHERNOMICON - Tim May's "official" Cypherpunks' FAQ.
This is a giant (1.3MB uncompressed) faq by Tim May.

To get it by anonymous ftp:
ftp to ftp.netcom.com /pub/tc/tcmay - This directory has it & its
associated files. CP-FAQ - also has 2 associated indexes.

Chapter 9. Cypherpunks' mailing list. getting on etc..

>>>> help
This is Brent Chapman's "Majordomo" mailing list manager, version 1.92.

In the description below items contained in []'s are optional. When
providing the item, do not include the []'s around it.

It understands the following commands:

subscribe <list> [<address>]
Subscribe yourself (or <address> if specified) to the named <list>.

unsubscribe <list> [<address>]
Unsubscribe yourself (or <address> if specified) from the named <list>.

get <list> <filename>
Get a file related to <list>.

index <list>
Return an index of files you can "get" for <list>.

which [<address>]
Find out which lists you (or <address> if specified) are on.

who <list>
Find out who is on the named <list>.

info <list>
Retrieve the general introductory information for the named <list>.

lists
Show the lists served by this Majordomo server.

help
Retrieve this message.

end
Stop processing commands (useful if your mailer adds a signature).

Commands should be sent in the body of an email message to
"[email protected]".

Commands in the "Subject:" line NOT processed.

If you have any questions or problems, please contact
"[email protected]".

Chapter 10. IRC chat strong encryption?

Section 1. prig (cryptical)'s contribution.

Do we really have this capability now? According to following post we
do! This info has not been verified yet. You may want to experiment
for yourself.

Section 1. prig(cryptical)'s offering.

From: [email protected]
Subject: IRC Encryption

There was a thread a while back about encrypted conversations on channel
#freedom on irc. I came across the software I believe they are using. Its
a package called Circ, and it is available from archives of
comp.sources.misc volume 38 issue 10. It is interesting in that it uses
RSA for key exchange, and triple DES for the encryption. The Circ package
includes an earlier implementation "socks" which is a stand alone
encrypted irc client. I think this is what they use on #freedom. This is
an interesting tool for a couple of reasons. irc can be as anonymous as
you want to make it. There are ways of hiding what site you're coming
from, your real username, you can change your nick often as you want, and
it's got a high enough usage that you can lose yourself in a crowd.
It supports background file transfers. You can create a channel and lock
it to uninvited people. It is supported pretty much net-wide, if you can
telnet, you can irc. Interesting stuff, and I'll be playing more with it
in the near future.

BTW: my nick is cryptical on irc. :)

Section 2. Ed Carp's offer.

According to Ed Carp, the package has been around for a long time &
he's had it on his system for monthes. Ed says: "If anyone wants it,
they can email me and I'll send it to them, tarred, gripped, and
uuencoded."
Ed Carp is [email protected]

PUSH EM BACK! PUSH EM BACK!
WWWAAAYYYY BBBAAACCCK!
BBBEEEAAATTTT STATE!