Xref: helios.physics.utoronto.ca alt.security.pgp:11426 alt.answers:2469 news.answers:21453
From: email@example.com (Gary Edstrom)
Subject: alt.security.pgp FAQ (Part 3/5)
Summary: Frequently Asked Questions (FAQ) for alt.security.pgp
Keywords: pgp privacy security encryption RSA IDEA MD5
Reply-To: firstname.lastname@example.org (Gary Edstrom)
Organization: Sequoia Software
X-Newsreader: TIN [version 1.2 PL1]
Date: Mon, 18 Apr 1994 00:52:10 GMT
Expires: Sun, 31 Jul 1994 07:00:00 GMT
-----BEGIN PGP SIGNED MESSAGE-----
a flash. PGP encryption will never be the same again! Breeze through
PGP UserID's, KeyID's, Fingerprints, E-mail addresses, Signature's,
Trust Parameter's, and PGP's Validity ratings all in one screen, at
one place, and with a single mouse-click.
PGPShell is archived as pgpshe30.zip at many Internet sites including
garbo.uwasa.fi:/pc/crypt and oak.oakland.edu:/pub/msdos/security and
has been posted to the FidoNet Software Distribution Network (SDN) and
should be on all nodes carrying SDN in a week or so.
To immediately acquire version 3.0 by modem you can call the
Hieroglyphic Voodoo Machine BBS at +1 303 443 2457 or the GrapeVine
BBS at +1 501 791 0124.
Questions or comments? Ping me at --> email@example.com
> PGPUTILS.ZIP at ghost.dsi.unimi.it /pub/crypt/ is a collection of BAT-
files, and PIF-files for windows.
Date: Mon, 21 Feb 1994 14:37:48 GMT
From: firstname.lastname@example.org (Paul C Leyland)
To: email@example.com (Gary Edstrom)
You might want to add pgptalk to your list of pgp-related goodies.
It's a combination of ytalk V2.0 and pgp for private talk(1) over the
Internet. Available from black.ox.ac.uk:/src/security
Date: Thu, 13 Jan 1994 11:06:31 -0500 (EST)
From: Ross Barclay
Subject: FAQ addition
I have a program called PGPWinFront that is a Windows front-end for
PGP. It is really quite good and has things like automatic message
creation, key management, editable command line, one button access to
PGP documentation, etc...
It is almost out in its second revision. It will be out on FTP sites
very soon, and is available currently, and will always be available,
by my automatic mail system.
If people send me (firstname.lastname@example.org) a message with the subject GET
PWF it will be sent to them, in PGP's radix-64 format. Like I said,
it will also be available within the week on FTP sites. by the way my
program is FREEWARE. Check it out if you like. If you use Windows, I
think you'll find it very useful.
Ross Barclay Internet: Barclay@TrentU.Ca
Ontario, Canada CI$ (rarely): 72172,31
Send me a message with the subject GET KEY to get my PGP public key.
PGP with TAPCIS
Subject: Front End Announcement: PGP with TAPCIS
Sender: email@example.com (Usenet Admin)
Date: Tue, 3 Aug 1993 00:58:17 GMT
TAPCIS is a popular navigator/offline message reader used on PCs to
access CompuServe. An add-on program, TAPPKE (TAPcis Public Key
Encryption), has been uploaded to the CompuServe TAPCIS Support Forum
library under "scripts and tools;" this program is an interface between
TAPCIS message-writing facilities and PGP.
When you compose messages in TAPCIS, they get collected into a batch
in a .SND file along with some control information about where and how
the messages are to be posted or mailed; next time you go on-line to
CompuServe, TAPCIS processes any messages waiting in its .SND files.
The TAPPKE add-on can be run before you do this transmission step.
TAPPKE scans messages in a .SND file, and any message that contains a
keyword (##PRIVATE## or ##SIGNATURE##) is extracted and just that
message is handed to PGP for encryption or signature, then reinserted
into the .SND file for transmission.
All this is a simplified interface to make it more convenient to
encrypt/sign messages while still using the normal (and
familiar)message composition features of TAPCIS. TAPPKE doesn't do
any encryption itself, it merely invokes an external encryption engine
to perform the indicated tasks; you can even use it with encryption
programs other than PGP if you set up a few environment variables so
TAPPKE will know what encryption program to run and what command-line
arguments to feed it. The default configuration assumes PGP.
I don't see any point in posting TAPPKE anywhere besides on
CompuServe, since the only people who would have any use for it are
TAPCIS users, and they by definition have access to the CompuServe
TAPCIS forum libraries. However, it's free (I released it to the
public domain, along with source code), so anyone who wants to
propagate it is welcome to do so.
Some mailers apparently munge my address; you might have to use
firstname.lastname@example.org -- or if that fails, fall back to
email@example.com. Ain't UNIX grand? "
Emacs Auto-PGP 1.02
This is a bunch of Elisp, Perl and C to allow you to integrate PGP2
(version 2.2 or later) into your Emacs mailreader (and perhaps also
o Scans the header of a message to be encrypted to determine the
recipients and thus the keys to use to encrypt.
o Incoming encrypted messages can be decrypted once and then stored in
plaintext, but ...
o Information about the recipient keys of an incoming encrypted message
o Incoming signed and encrypted messages are turned into clearsigned
messages (modulo some bugs/misfeatures in PGP).
o Signatures on incoming messages can be verified in place.
o You only have to type your passphrase once, but ...
o Your passphrase is not stored in your Emacs but in a separate small
program which can easily be killed, or replaced (e.g. by an X client
which pops up a window to confirm whether to supply the passphrase -
though no such program exists yet (-:).
o The stored passphrase can easily be used when using pgp from the Unix
command line by using the small wrapper program (which works just like
normal pgp) which the scripts themselves use.
o No modification to the PGP sources necessary.
WARNING: You should probably not use this software if it is likely
that an attacker could gain access to your account, for example
because you are not the sysadmin or the security on your system is
dubious (this is true of most networked Unix systems).
To install it:
Edit the file EDITME to reflect your situation, ie where you want stuff
installed, whether you want to pick up a version from your PATH or run it via
the explicit pathname, etc.
Type `make install'.
This should compile ringsearch and install the programs (using the scripts
included) as you specified in EDITME.
Edit the `dir' file in the Emacs Info directory - add a menu item for Auto-
PGP potining to the file `auto-pgp.info'.
Now read auto-pgp.info if you haven't done so already.
If you find a bug please READ THE SECTION ON REPORTING BUGS!
31st August 1993
From: firstname.lastname@example.org (Jin S Choi)
Current Version: 1.3
Where Available: gnu.emacs.sources
Info Updated: 21-Dec-93
This is an elisp package for encrypting and decrypting mail. I wrote this to
provide a single interface to the two most common mail encryption programs,
PGP and RIPEM. You can use either or both in any combination.
VM mailreader support.
Support for addresses with spaces and <>'s in them.
Support for using an explicit path for the encryption executables.
Key management functions.
The ability to avoid some of the prompts when encrypting.
Assumes mc-default-scheme unless prefixed.
Includes menubar support under emacs 19 and gnus support.
PGPPAGER ver. 1.1
From: email@example.com (Alessandro Bottonelli)
Subject: pgppager 1.1 sources
Date: Tue, 6 Jul 1993 11:37:06 GMT
pgppager, designed to be possibly integrated with elm mail reader.
This programs reads from a specified file or from stdin if no file is
specified and creates three temporary files i(header, encrypted, and
trailer) as needed, in order to store the header portion in clear
text, the encrypted portion still in cipher text, and the trailer
portion of the clear text. Then, if applicable, the clear text header
is outputted, the encrypted portion is piped through pgp as needed,
then the trailer (if any) is outputted. THIS PROCESS IS TRANSPARENT TO
NON PGP ENCRYPTED TEXTS
rat-pgp.el is a GNU Emacs interface to the PGP public key system. It
lets you easily encrypt and decrypt message, sign messages with your
secret key (to prove that it really came from you). It does
signature verification, and it provides a number of other
functions. The package is growing steadily as more is added. It is
my intention that it will eventually allow as much functionality as
accessing PGP directly. The most recent version of rat-pgp.el is
always available via anonymous FTP at ftp.ccs.neu.edu, directory
ENCRYPT.COM is a VMS mail script that works fine for
firstname.lastname@example.org (John O'Leary)
Appendix II - Glossary of Cryptographic Terms
Chosen Plain Text Attack
This is the next step up from the Known Plain Text Attack. In this
version, the cryptanalyst can choose what plain text message he wishes
to encrypt and view the results, as opposed to simply taking any old
plain text that he might happen to lay his hands on. If he can recover
the key, he can use it to decode all data encrypted under this key.
This is a much stronger form of attack than known plain text. The
better encryption systems will resist this form of attack.
A chip developed by the United States Government that was to be used
as the standard chip in all encrypted communications. Aside from the
fact that all details of how the Clipper chip work remain classified,
the biggest concern was the fact that it has an acknowledged trap door
in it to allow the government to eavesdrop on anyone using Clipper
provided they first obtained a wiretap warrant. This fact, along with
the fact that it can't be exported from the United States, has led a
number of large corporations to oppose the idea. Clipper uses an 80
bit key to perform a series of nonlinear transformation on a 64 bit
DES (Data Encryption Standard)
A data encryption standard developed by the United States Government.
It was criticized because the research that went into the development
of the standard remained classified. Concerns were raised that there
might be hidden trap doors in the logic that would allow the
government to break anyone's code if they wanted to listen in. DES
uses a 56 bit key to perform a series of nonlinear transformation on a
64 bit data block. Even when it was first introduced a number of
years ago, it was criticized for not having a long enough key. 56 bits
just didn't put it far enough out of reach of a brute force attack.
Today, with the increasing speed of hardware and its falling cost, it
would be feasible to build a machine that could crack a 56 bit key in
under a day's time. It is not known if such a machine has really been
built, but the fact that it is feasible tends to weaken the security
of DES substantially.
I would like to thank Paul Leyland for the following
information relating to the cost of building such a DES cracking
_Efficient DES Key Search_
At Crypto 93, Michael Wiener gave a paper with the above title. He
showed how a DES key search engine could be built for $1 million which
can do exhaustive search in 7 hours. Expected time to find a key from
a matching pair of 64-bit plaintext and 64-bit ciphertext is 3.5 hours.
So far as I can tell, the machine is scalable, which implies that a
$100M machine could find keys every couple of minutes or so.
The machine is fairly reliable: an error analysis implies that the mean
time between failure is about 270 keys.
The final sentence in the abstract is telling: In the light of this
work, it would be prudent in many applications to use DES in triple-
I only have portions of a virtually illegible FAX copy, so please don't
ask me for much more detail. A complete copy of the paper is being
snailed to me.
Paul C. Leyland
Laszlo Baranyi says that the full paper is available
in PostScript via ftp from:
cpsr.org also makes it available via their Gopher service.
EFF (Electronic Frontier Foundation)
The Electronic Frontier Foundation (EFF) was founded in July, 1990, to assure
freedom of expression in digital media, with a particular emphasis on
applying the principles embodied in the Constitution and the Bill of Rights
to computer-based communication. For further information, contact:
Electronic Frontier Foundation
1001 G St., NW
Suite 950 East
Washington, DC 20001
+1 202 347 5400
+1 202 393 5509 FAX
IDEA (International Data Encryption Algorithm)
Developed in Switzerland and licensed for non-commercial use in PGP.
IDEA uses a 128 bit user supplied key to perform a series of nonlinear
mathematical transformations on a 64 bit data block. Compare the
length of this key with the 56 bits in DES or the 80 bits in Clipper.
ITAR (International Traffic in Arms Regulations)
ITAR are the regulations covering the exporting of weapons and weapons
related technology from the United States. For some strange reason,
the government claims that data encryption is a weapon and comes under
the ITAR regulations. There is presently a move in Congress to relax
the section of ITAR dealing with cryptographic technology.
Known Plain Text Attack
A method of attack on a crypto system where the cryptoanalysit has
matching copies of plain text, and its encrypted version. With weaker
encryption systems, this can improve the chances of cracking the code
and getting at the plain text of other messages where the plain text
is not known.
MD5 (Message Digest Algorithm #5)
The message digest algorithm used in PGP is the MD5 Message Digest
Algorithm, placed in the public domain by RSA Data Security, Inc.
MD5's designer, Ronald Rivest, writes this about MD5:
"It is conjectured that the difficulty of coming up with two messages
having the same message digest is on the order of 2^64 operations, and
that the difficulty of coming up with any message having a given
message digest is on the order of 2^128 operations. The MD5 algorithm
has been carefully scrutinized for weaknesses. It is, however, a
relatively new algorithm and further security analysis is of course
justified, as is the case with any new proposal of this sort. The
level of security provided by MD5 should be sufficient for implementing
very high security hybrid digital signature schemes based on MD5 and
the RSA public-key cryptosystem."
NSA (National Security Agency)
The following information is from the sci.crypt FAQ:
The NSA is the official communications security body of the U.S.
government. It was given its charter by President Truman in the early
50's, and has continued research in cryptology till the present. The
NSA is known to be the largest employer of mathematicians in the
world, and is also the largest purchaser of computer hardware in the
world. Governments in general have always been prime employers of
cryptologists. The NSA probably possesses cryptographic expertise many
years ahead of the public state of the art, and can undoubtedly break
many of the systems used in practice; but for reasons of national
security almost all information about the NSA is classified.
One Time Pad
The one time pad is the ONLY encryption scheme that can be proven to
be absolutely unbreakable! It is used extensively by spies because it
doesn't require any hardware to implement and because of its absolute
security. This algorithm requires the generation of many sets of
matching encryption keys pads. Each pad consists of a number of random
key characters. These key characters are chosen completely at random
using some truly random process. They are NOT generated by any kind of
cryptographic key generator. Each party involved receives matching
sets of pads. Each key character in the pad is used to encrypt one and
only one plain text character, then the key character is never used
again. Any violation of these conditions negates the perfect security
available in the one time pad.
So why don't we use the one time pad all the time? The answer is that
the number of random key pads that need to be generated must be at
least equal to the volume of plain text messages to be encrypted, and
the fact that these key pads must somehow be exchanged ahead of time.
This becomes totally impractical in modern high speed communications
Among the more famous of the communications links using a one time pad
scheme is the Washington to Moscow hot line.
PEM (Privacy Enhanced Mail)
The following was taken from the sci.crypt FAQ:
How do I send encrypted mail under UNIX? [PGP, RIPEM, PEM, ...]?
Here's one popular method, using the des command:
cat file | compress | des private_key | uuencode | mail
Meanwhile, there is a de jure Internet standard in the works called
PEM (Privacy Enhanced Mail). It is described in RFCs 1421 through
1424. To join the PEM mailing list, contact email@example.com.
There is a beta version of PEM being tested at the time of this
There are also two programs available in the public domain for
encrypting mail: PGP and RIPEM. Both are available by FTP. Each has
its own news group: alt.security.pgp and alt.security.ripem. Each has
its own FAQ as well. PGP is most commonly used outside the USA since
it uses the RSA algorithm without a license and RSA's patent is valid
only (or at least primarily) in the USA.
RIPEM is most commonly used inside the USA since it uses the RSAREF
which is freely available within the USA but not available for
shipment outside the USA.
Since both programs use a secret key algorithm for encrypting the body
of the message (PGP used IDEA; RIPEM uses DES) and RSA for encrypting
the message key, they should be able to interoperate freely. Although
there have been repeated calls for each to understand the other's
formats and algorithm choices, no interoperation is available at this
time (as far as we know).
PGP (Pretty Good Privacy)
PKP (Public Key Partners)
Claim to have a patent on RSA.
RSA is the public key encryption method used in PGP. RSA are the
initials of the developers of the algorithm which was done at taxpayer
expense. The basic security in RSA comes from the fact that, while it
is relatively easy to multiply two huge prime numbers together to
obtain their product, it is computationally difficult to go the
reverse direction: to find the two prime factors of a given composite
number. It is this one-way nature of RSA that allows an encryption key
to be generated and disclosed to the world, and yet not allow a
message to be decrypted.
TEMPEST is a standard for electromagnetic shielding for computer
equipment. It was created in response to the fact that information can
be read from computer radiation (e.g., from a CRT) at quite a distance
and with little effort. Needless to say, encryption doesn't do much
good if the cleartext is available this way. The typical home
computer WOULD fail ALL of the TEMPEST standards by a long shot. So,
if you are doing anything illegal, don't expect PGP or any other
encryption program to save you. The government could just set up a
monitoring van outside your home and read everything that you are
doing on your computer.
Short of shelling out the ten thousand dollars or so that it would
take to properly shield your computer, a good second choice might be a
laptop computer running on batteries. No emissions would be fed back
into the power lines, and the amount of power being fed to the display
and being consumed by the computer is much less than the typical home
computer and CRT. This provides a much weaker RF field for snoopers to
monitor. It still isn't safe, just safer. In addition, a laptop
computer has the advantage of not being anchored to one location.
Anyone trying to monitor your emissions would have to follow you
around, maybe making themselves a little more obvious. I must
emphasize again that a laptop still is NOT safe from a tempest
standpoint, just safer than the standard personal computer.
Appendix III - Cypherpunks
What are Cypherpunks?
What is the cypherpunks mailing list?
Eric Hughes runs the "cypherpunk" mailing list
dedicated to "discussion about technological defenses for privacy in
the digital domain." Frequent topics include voice and data
encryption, anonymous remailers, and the Clipper chip. Send e-mail to
firstname.lastname@example.org to be added or subtracted from the list.
The mailing list itself is email@example.com. You don't need to be
a member of the list in order to send messages to it, thus allowing
the use of anonymous remailers to post your more sensitive messages
that you just as soon would not be credited to you. (Traffic is
sometimes up to 30-40 messages per day.)
What is the purpose of the Cypherpunk remailers?
The purpose of these remailers is to take privacy one level further.
While a third party who is snooping on the net may not be able to read
the encrypted mail that you are sending, he is still able to know who
you are sending mail to. This could possibly give him some useful
information. This is called traffic flow analysis. To counter this
type of attack, you can use a third party whose function is simply to
remail your message with his return address on it instead of yours.
Two types of remailers exist. The first type only accepts plain text
remailing headers. This type would only be used if your goal was only
to prevent the person to whom your are sending mail from learning your
identity. It would do nothing for the problem of net eavesdroppers
from learning to whom you are sending mail.
The second type of remailer accepts encrypted remailing headers. With
this type of remailer, you encrypt your message twice. First, you
encrypt it to the person ultimately receiving the message. You then
add the remailing header and encrypt it again using the key for the
remailer that you are using. When the remailer receives your message,
the system will recognize that the header is encrypted and will use
its secret decryption key to decrypt the message. He can now read the
forwarding information, but because the body of the message is still
encrypted in the key of another party, he is unable to read your mail.
He simply remails the message to the proper destination. At its
ultimate destination, the recipient uses his secret to decrypt this
nested encryption and reads the message.
Since this process of multiple encryptions and remailing headers can
get quite involved, there are several programs available to simplify
the process. FTP to soda.berkeley.edu and examine the directory
/pub/cypherpunks/remailers for the programs that are available.
Where are the currently active Cypherpunk remailers?
Any additions, deletions, or corrections to the following list should
be posted on alt.security.pgp and forwarded to me for inclusion in a
future release of the FAQ. The number appearing in the first column
has the following meaning:
1: Remailer accepts only plain text headers.
2: Remailer accepts both plain text and encrypted headers.
3: Remailer accepts only encrypted headers.
Only remailers whose operational status has been verified by me appear
on this list. Remember, however, that this list is subject to change
quite often. Always send yourself a test message through the Remailer
before starting to use it for real.
firstname.lastname@example.org also supports these header commands:
Post-To: (Regular posting to USENET)
Anon-Post-To: (Anonymous posting to USENET)
2 email@example.com [Fwd: firstname.lastname@example.org]
1 email@example.com [Fwd: firstname.lastname@example.org]
The following former Cypherpunk remailers are no longer in service.
Either a message stating that the system had been shutdown was
received, or the test message was returned due to an invalid address,
or no test message was returned after three attempts.
email@example.com [Shutdown message returned]
firstname.lastname@example.org [Mail returned, invalid address]
Are there other anonymous remailers besides the cypherpunk remailers?
Yes, the most commonly used remailer on the Internet is in Finland. It
is known as anon.penet.fi. The syntax for sending mail through this
remailer is different from the cypherpunk remailers. For example, if
you wanted to send mail to me (email@example.com) through anon.penet.fi,
you would send the mail to "firstname.lastname@example.org". Notice that
the "@" sign in my Internet address is changed to a "%". Unlike the
cypherpunk remailers, anon.penet.fi directly supports anonymous return
addresses. Anybody using the remailer is assigned an anonymous id of
the form "an?????" where "?????" is filled in with a number
representing that user. To send mail to someone when you only know
their anonymous address, address your mail to "email@example.com"
replacing the question marks with the user id you are interested in.
For additional information on anon.penet.fi, send a blank message to
"firstname.lastname@example.org". You will receive complete instructions on how to
use the remailer, including how to obtain a pass phrase on the system.
Where can I learn more about Cypherpunks?
FTP: soda.berkeley.edu Directory: /pub/cypherpunks
What is the command syntax?
The first non blank line in the message must start with two colons
(::). The next line must contain the user defined header
"Request-Remailing-To: ". This line must be followed by a
blank line. Finally, your message can occupy the rest of the space. As
an example, if you wanted to send a message to me via a remailer , you
would compose the following message:
[body of message]
You would then send the above message to the desired remailer. Note
the section labeled "body of message" may be either a plain text
message, or an encrypted and armored PGP message addressed to the
desired recipient. To send the above message with an encrypted header,
use PGP to encrypt the entire message shown above to the desired
remailer. Be sure to take the output in armored text form. In front of
the BEGIN PGP MESSAGE portion of the file, insert two colons (::) as
the first non-blank line of the file. The next line should say
"Encrypted: PGP". Finally the third line should be blank. The message
now looks as follows:
-----BEGIN PGP MESSAGE-----
[body of pgp message]
-----END PGP MESSAGE-----
You would then send the above message to the desired remailer
just as you did in the case of the non-encrypted header. Note
that it is possible to chain remailers together so that the
message passes through several levels of anonymity before it
reaches its ultimate destination.
Appendix IV - How to obtain articles from Wired Magazine
Greetings from the WIRED INFOBOT!
This file provides both an index to some general Wired information files
and instructions for getting specific listings of the articles from back
issues of Wired via email.
* * *
Wired General Information Files
* * *
To retrieve the following files, send an email message to
email@example.com containing the word "get" or "send," followed by the
name of the file, in the body of the message. For instance, to retrieve
the submission guide for Wired writers, you would send a message to the
InfoBot containing the following line:
The files will be returned to you via email.
For more information, see the Help file, which can be obtained by
sending a message to the InfoBot containing the following line:
General information files currently available from the Wired InfoBot
include the following:
- ---- -----------
index This file
writers.guidelines Submissions guide for writers
ad.rates Advertising rates and other details
visions New Voices, New Visions 1994
wired.wonders Seven Wired Wonders article (Wired 1.6) plus
some additional Wired Wonders not listed
* * *
Retrieving Files from Previous Issues of Wired
* * *
To retrieve files from back issues of Wired, you first need to retrieve
the index of the files contained in those issues. In order to make file
size more manageable, there are two index files per issue, one for
regular _Wired_ departments (such as Street Cred, Electric Word, and
Electrosphere), and one for feature articles specific to that issue.
To order an index, send a message to the Wired InfoBot containing the
"get" or "send" command, followed by the issue number, a "slash"
character ("/"), either the keyword "departments" or "features", another
"slash" character ("/"), and the word "index".
For those of you who like reading DOS or UNIX manuals, the general case
command looks a little something like this:
For those of you who prefer real examples, if, for instance, you wanted
to order the index to all the feature articles in Wired 1.2, you would
send the command
and to get the index to the regular Wired departments in issue 1.3, you
would send the command
Once you have received the index, you can order specific articles by
simply substituting the keyword for that article for the word "index" in
the above commands. Thus, to order the Street Cred section of issue
1.3, you would send the command
and to get Bruce Sterling's Virtual War article from issue 1.1, you
would use the command
Got it? Great! Happy reading...
* * *
Getting help from a Real Human Being
* * *
We at Wired understand that using any new technology can be frustrating.
If you have any problems using the Wired InfoBot, please send mail to
the Wired InfoBeing (firstname.lastname@example.org), the real human assigned the
task of maintaining this service. Please be patient with the InfoBeing,
as it is also responsible for other important tasks here at Wired. For
instance, if you send a message to the InfoBeing but do not receive a
follow-up, please wait *at least* 24 hours (and hopefully longer) before
sending any additional messages.
We here at Wired Online look forward to expanding our services. If you
have questions or comments regarding this service or others we should
offer, please address them to email@example.com.
Thanks for your support!!!
- --all us folks at Wired Online--
Appendix V - Testimony of Philip Zimmermann to Congress.
Reproduced by permission.
- From netcom.com!netcomsv!decwrl!sdd.hp.com!col.hp.com!csn!yuma!ld231782 Sun
Oct 10 07:55:51 1993
Xref: netcom.com talk.politics.crypto:650 comp.org.eff.talk:20832
From: ld231782@LANCE.ColoState.Edu (L. Detweiler)
Subject: ZIMMERMANN SPEAKS TO HOUSE SUBCOMMITTEE
Sender: news@yuma.ACNS.ColoState.EDU (News Account)
Date: Sun, 10 Oct 1993 04:42:12 GMT
Organization: Colorado State University, Fort Collins, CO 80523
Date: Sat, 9 Oct 93 11:57:54 MDT
From: Philip Zimmermann
Subject: Zimmerman testimony to House subcommittee
Testimony of Philip Zimmermann to
Subcommittee for Economic Policy, Trade, and the Environment
US House of Representatives
12 Oct 1993
Mr. Chairman and members of the committee, my name is Philip
Zimmermann, and I am a software engineer who specializes in
cryptography and data security. I'm here to talk to you today about
the need to change US export control policy for cryptographic
software. I want to thank you for the opportunity to be here and
commend you for your attention to this important issue.
I am the author of PGP (Pretty Good Privacy), a public-key encryption
software package for the protection of electronic mail. Since PGP was
published domestically as freeware in June of 1991, it has spread
organically all over the world and has since become the de facto
worldwide standard for encryption of E-mail. The US Customs Service
is investigating how PGP spread outside the US. Because I am a target
of this ongoing criminal investigation, my lawyer has advised me not
to answer any questions related to the investigation.
I. The information age is here.
Computers were developed in secret back in World War II mainly to
break codes. Ordinary people did not have access to computers,
because they were few in number and too expensive. Some people
postulated that there would never be a need for more than half a
dozen computers in the country. Governments formed their attitudes
toward cryptographic technology during this period. And these
attitudes persist today. Why would ordinary people need to have
access to good cryptography?
Another problem with cryptography in those days was that cryptographic
keys had to be distributed over secure channels so that both parties
could send encrypted traffic over insecure channels. Governments
solved that problem by dispatching key couriers with satchels
handcuffed to their wrists. Governments could afford to send guys
like these to their embassies overseas. But the great masses of
ordinary people would never have access to practical cryptography if
keys had to be distributed this way. No matter how cheap and powerful
personal computers might someday become, you just can't send the keys
electronically without the risk of interception. This widened the
feasibility gap between Government and personal access to cryptography.
Today, we live in a new world that has had two major breakthroughs
that have an impact on this state of affairs. The first is the
coming of the personal computer and the information age. The second
breakthrough is public-key cryptography.
With the first breakthrough comes cheap ubiquitous personal
computers, modems, FAX machines, the Internet, E-mail, digital
cellular phones, personal digital assistants (PDAs), wireless digital
networks, ISDN, cable TV, and the data superhighway. This
information revolution is catalyzing the emergence of a global
But this renaissance in electronic digital communication brings with
it a disturbing erosion of our privacy. In the past, if the
Government wanted to violate the privacy of ordinary citizens, it had
to expend a certain amount of effort to intercept and steam open and
read paper mail, and listen to and possibly transcribe spoken
telephone conversation. This is analogous to catching fish with a
hook and a line, one fish at a time. Fortunately for freedom and
democracy, this kind of labor-intensive monitoring is not practical
on a large scale.
Today, electronic mail is gradually replacing conventional paper
mail, and is soon to be the norm for everyone, not the novelty is is
today. Unlike paper mail, E-mail messages are just too easy to
intercept and scan for interesting keywords. This can be done
easily, routinely, automatically, and undetectably on a grand scale.
This is analogous to driftnet fishing-- making a quantitative and
qualitative Orwellian difference to the health of democracy.
The second breakthrough came in the late 1970s, with the mathematics
of public key cryptography. This allows people to communicate
securely and conveniently with people they've never met, with no
prior exchange of keys over secure channels. No more special key
couriers with black bags. This, coupled with the trappings of the
information age, means the great masses of people can at last use
cryptography. This new technology also provides digital signatures
to authenticate transactions and messages, and allows for digital
money, with all the implications that has for an electronic digital
economy. (See appendix)
This convergence of technology-- cheap ubiquitous PCs, modems, FAX,
digital phones, information superhighways, et cetera-- is all part of
the information revolution. Encryption is just simple arithmetic to
all this digital hardware. All these devices will be using
encryption. The rest of the world uses it, and they laugh at the US
because we are railing against nature, trying to stop it. Trying to
stop this is like trying to legislate the tides and the weather. It's
like the buggy whip manufacturers trying to stop the cars-- even with
the NSA on their side, it's still impossible. The information
revolution is good for democracy-- good for a free market and trade.
It contributed to the fall of the Soviet empire. They couldn't stop
Soon, every off-the-shelf multimedia PC will become a secure voice
telephone, through the use of freely available software. What does
this mean for the Government's Clipper chip and key escrow systems?
Like every new technology, this comes at some cost. Cars pollute the
air. Cryptography can help criminals hide their activities. People
in the law enforcement and intelligence communities are going to look
at this only in their own terms. But even with these costs, we still
can't stop this from happening in a free market global economy. Most
people I talk to outside of Government feel that the net result of
providing privacy will be positive.
President Clinton is fond of saying that we should "make change our
friend". These sweeping technological changes have big implications,
but are unstoppable. Are we going to make change our friend? Or are
we going to criminalize cryptography? Are we going to incarcerate
our honest, well-intentioned software engineers?
Law enforcement and intelligence interests in the Government have
attempted many times to suppress the availability of strong domestic
encryption technology. The most recent examples are Senate Bill 266
which mandated back doors in crypto systems, the FBI Digital
Telephony bill, and the Clipper chip key escrow initiative. All of
these have met with strong opposition from industry and civil liberties
groups. It is impossible to obtain real privacy in the information
age without good cryptography.
The Clinton Administration has made it a major policy priority to
help build the National Information Infrastructure (NII). Yet, some
elements of the Government seems intent on deploying and entrenching
a communications infrastructure that would deny the citizenry the
ability to protect its privacy. This is unsettling because in a
democracy, it is possible for bad people to occasionally get
elected-- sometimes very bad people. Normally, a well-functioning
democracy has ways to remove these people from power. But the wrong
technology infrastructure could allow such a future government to
watch every move anyone makes to oppose it. It could very well be
the last government we ever elect.
When making public policy decisions about new technologies for the
Government, I think one should ask oneself which technologies would
best strengthen the hand of a police state. Then, do not allow the
Government to deploy those technologies. This is simply a matter of
good civic hygiene.
II. Export controls are outdated and are a threat to privacy and
The current export control regime makes no sense anymore, given
advances in technology.
There has been considerable debate about allowing the export of
implementations of the full 56-bit Data Encryption Standard (DES).
At a recent academic cryptography conference, Michael Wiener of Bell
Northern Research in Ottawa presented a paper on how to crack the DES
with a special machine. He has fully designed and tested a chip that
guesses DES keys at high speed until it finds the right one.
Although he has refrained from building the real chips so far, he can
get these chips manufactured for $10.50 each, and can build 57000 of
them into a special machine for $1 million that can try every DES key
in 7 hours, averaging a solution in 3.5 hours. $1 million can be
hidden in the budget of many companies. For $10 million, it takes 21
minutes to crack, and for $100 million, just two minutes. That's
full 56-bit DES, cracked in just two minutes. I'm sure the NSA can
do it in seconds, with their budget. This means that DES is now
effectively dead for purposes of serious data security applications.
If Congress acts now to enable the export of full DES products, it
will be a day late and a dollar short.
If a Boeing executive who carries his notebook computer to the Paris
airshow wants to use PGP to send email to his home office in Seattle,
are we helping American competitivness by arguing that he has even
potentially committed a federal crime?
Knowledge of cryptography is becoming so widespread, that export
controls are no longer effective at controlling the spread of this
technology. People everywhere can and do write good cryptographic
software, and we import it here but cannot export it, to the detriment
of our indigenous software industry.
I wrote PGP from information in the open literature, putting it into
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----